[sr-dev] [kamailio] kamailio 4.3 crash in update_dialog_vars_dbinfo (#301)

MayamaTakeshi notifications at github.com
Fri Aug 28 09:51:31 CEST 2015


I got a new crash in another small VM.
There was some corruption as the linked list got into a loop:
```
Core was generated by `/usr/local/src/git/kamailio-4.3/kamailio -m 256 -M 16 -P /var/run/kamailio.pid'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f8f2a2aa9da in update_dialog_vars_dbinfo (cell=0x7f8f1634b738, var=0x3433) at dlg_db_handler.c:651
651		SET_STR_VALUE(values+2, var->key);
Missing separate debuginfos, use: debuginfo-install bzip2-libs-1.0.5-7.el6_0.x86_64 db4-4.7.25-19.el6_6.x86_64 elfutils-libelf-0.161-3.el6.x86_64 glibc-2.12-1.166.el6_7.1.x86_64 keyutils-libs-1.4-5.el6.x86_64 krb5-libs-1.10.3-42.el6.x86_64 libacl-2.2.49-6.el6.x86_64 libattr-2.4.44-7.el6.x86_64 libcap-2.16-5.5.el6.x86_64 libcom_err-1.41.12-22.el6.x86_64 libgcc-4.4.7-16.el6.x86_64 libselinux-2.0.94-5.8.el6.x86_64 lm_sensors-libs-3.1.1-17.el6.x86_64 lua-5.1.4-4.1.el6.x86_64 mysql-libs-5.1.73-5.el6_6.x86_64 net-snmp-libs-5.5-54.el6_7.1.x86_64 nspr-4.10.8-1.el6_6.x86_64 nss-3.19.1-3.el6_6.x86_64 nss-softokn-freebl-3.14.3-22.el6_6.x86_64 nss-util-3.19.1-1.el6_6.x86_64 openssl-1.0.1e-42.el6.x86_64 pcre-7.8-7.el6.x86_64 perl-libs-5.10.1-141.el6.x86_64 popt-1.13-7.el6.x86_64 rpm-libs-4.8.0-47.el6.x86_64 tcp_wrappers-libs-7.6-57.el6.x86_64 xz-libs-4.999.9-0.5.beta.20091007git.el6.x86_64 zlib-1.2.3-29.el6.x86_64
(gdb) bt
#0  0x00007f8f2a2aa9da in update_dialog_vars_dbinfo (cell=0x7f8f1634b738, var=0x3433) at dlg_db_handler.c:651
#1  0x00007f8f2a2ab511 in update_dialog_dbinfo_unsafe (cell=0x7f8f1634b738) at dlg_db_handler.c:718
#2  0x00007f8f2a2acafc in update_dialog_dbinfo (cell=0x7f8f1634b738) at dlg_db_handler.c:861
#3  0x00007f8f2a2ec3dc in set_dlg_variable (dlg=0x7f8f1634b738, key=0x7f8f2adeb760, val=0x7ffcbe736190) at dlg_var.c:305
#4  0x00007f8f2abc9a9c in set_start_time (dialog=0x7f8f1634b738) at acc_cdr.c:523
#5  0x00007f8f2abcf932 in cdr_on_create (dialog=0x7f8f1634b738, type=2, params=0x7f8f2a50d0a0) at acc_cdr.c:790
#6  0x00007f8f2a29b398 in run_create_callbacks (dlg=0x7f8f1634b738, msg=0x7f8f2d904b48) at dlg_cb.c:230
#7  0x00007f8f2a2b5590 in dlg_new_dialog (req=0x7f8f2d904b48, t=0x7f8f1734ba58, run_initial_cbs=1) at dlg_handlers.c:865
#8  0x00007f8f2a2b4006 in dlg_onreq (t=0x7f8f1734ba58, type=1, param=0x7f8f2d6a9760) at dlg_handlers.c:717
#9  0x00007f8f2d3edc3a in run_reqin_callbacks_internal (hl=0x7f8f162a1480, trans=0x7f8f1734ba58, params=0x7f8f2d6a9760) at t_hooks.c:360
#10 0x00007f8f2d3edd48 in run_reqin_callbacks (trans=0x7f8f1734ba58, req=0x7f8f2d904b48, code=1) at t_hooks.c:385
#11 0x00007f8f2d3aeb58 in build_cell (p_msg=0x7f8f2d904b48) at h_table.c:356
#12 0x00007f8f2d3ff283 in new_t (p_msg=0x7f8f2d904b48) at t_lookup.c:1269
#13 0x00007f8f2d4004b3 in t_newtran (p_msg=0x7f8f2d904b48) at t_lookup.c:1409
#14 0x00007f8f2d3d4e9c in t_relay_to (p_msg=0x7f8f2d904b48, proxy=0x0, proto=0, replicate=0) at t_funcs.c:236
#15 0x00007f8f2d413bbb in _w_t_relay_to (p_msg=0x7f8f2d904b48, proxy=0x0, force_proto=0) at tm.c:1476
#16 0x00007f8f2d414d20 in w_t_relay (p_msg=0x7f8f2d904b48, _foo=0x0, _bar=0x0) at tm.c:1677
#17 0x000000000041ddad in do_action (h=0x7ffcbe736fb0, a=0x7f8f2d7b8f60, msg=0x7f8f2d904b48) at action.c:1053
#18 0x000000000042a4c3 in run_actions (h=0x7ffcbe736fb0, a=0x7f8f2d7b8f60, msg=0x7f8f2d904b48) at action.c:1548
#19 0x000000000042ab28 in run_actions_safe (h=0x7ffcbe737bd0, a=0x7f8f2d7b8f60, msg=0x7f8f2d904b48) at action.c:1613
#20 0x0000000000543c94 in rval_get_int (h=0x7ffcbe737bd0, msg=0x7f8f2d904b48, i=0x7ffcbe737488, rv=0x7f8f2d7b95b0, cache=0x0) at rvalue.c:912
#21 0x0000000000547ecc in rval_expr_eval_int (h=0x7ffcbe737bd0, msg=0x7f8f2d904b48, res=0x7ffcbe737488, rve=0x7f8f2d7b95a8) at rvalue.c:1906
#22 0x00000000005482c2 in rval_expr_eval_int (h=0x7ffcbe737bd0, msg=0x7f8f2d904b48, res=0x7ffcbe737910, rve=0x7f8f2d7b9ca8) at rvalue.c:1914
#23 0x000000000041d897 in do_action (h=0x7ffcbe737bd0, a=0x7f8f2d7b9258, msg=0x7f8f2d904b48) at action.c:1029
#24 0x000000000042a4c3 in run_actions (h=0x7ffcbe737bd0, a=0x7f8f2d6fc308, msg=0x7f8f2d904b48) at action.c:1548
#25 0x000000000042abf0 in run_top_route (a=0x7f8f2d6fc308, msg=0x7f8f2d904b48, c=0x0) at action.c:1634
#26 0x000000000050a938 in receive_msg (
    buf=0xa6fee0 "INVITE sip:09011112222 at 192.168.2.189:5060 SIP/2.0\r\nVia: SIP/2.0/UDP 192.168.0.190:5010;rport;branch=z9hG4bK-21407-8914-4\r\nFrom: \"user1\" <sip:user1 at test1.com>;tag=21407SIPpTag008914\r\nTo: <sip:090111122"..., len=941, rcv_info=0x7ffcbe737ec0) at receive.c:196
#27 0x000000000060a3ea in udp_rcv_loop () at udp_server.c:495
#28 0x00000000004a7ef7 in main_loop () at main.c:1573
#29 0x00000000004ae2d2 in main (argc=7, argv=0x7ffcbe7382f8) at main.c:2533
(gdb) frame 0
#0  0x00007f8f2a2aa9da in update_dialog_vars_dbinfo (cell=0x7f8f1634b738, var=0x3433) at dlg_db_handler.c:651
651		SET_STR_VALUE(values+2, var->key);
(gdb) p *cell
$1 = {ref = 1, next = 0x0, prev = 0x0, h_id = 1892, h_entry = 1828, state = 1, lifetime = 10800, init_ts = 1440744243, start_ts = 0, dflags = 0, iflags = 0, sflags = 0, toroute = 0, toroute_name = {
    s = 0x0, len = 0}, from_rr_nb = 0, tl = {next = 0x0, prev = 0x0, timeout = 0}, callid = {
    s = 0x7f8f1634b898 "8914-21407 at 192.168.0.190sip:user1 at test1.comsip:09011112222 at 192.168.2.189:5060sip:09011112222 at 192.168.2.190:503000", len = 24}, from_uri = {
    s = 0x7f8f1634b8b0 "sip:user1 at test1.comsip:09011112222 at 192.168.2.189:5060sip:09011112222 at 192.168.2.190:503000", len = 19}, to_uri = {
    s = 0x7f8f1634b8c3 "sip:09011112222 at 192.168.2.189:5060sip:09011112222 at 192.168.2.190:503000", len = 34}, req_uri = {s = 0x7f8f1634b8e5 "sip:09011112222 at 192.168.2.190:503000", len = 34}, tag = {{
      s = 0x7f8f162ce7e8 "21407SIPpTag008914sip:user1 at 192.168.2.50:5010\177", len = 18}, {s = 0x0, len = 0}}, cseq = {{s = 0x7f8f16fba118 "802r1\004", len = 3}, {s = 0x0, len = 0}}, route_set = {{
      s = 0x0, len = 0}, {s = 0x0, len = 0}}, contact = {{s = 0x7f8f162ce7fa "sip:user1 at 192.168.2.50:5010\177", len = 27}, {s = 0x0, len = 0}}, bind_addr = {0x7f8f2d6db730, 0x0}, cbs = {
    first = 0x7f8f16e46230, types = 41172}, profile_links = 0x7f8f163601b0, vars = 0x7f8f1701b1e0}
(gdb) p *cell->vars
$2 = {key = {s = 0x7f8f171ca438 "answer_time", len = 11}, value = {s = 0x7f8f16379fe0 "1440744243.165", len = 14}, vflags = 0, next = 0x7f8f1638e108}
(gdb) 
$3 = {key = {s = 0x7f8f171ca438 "answer_time", len = 11}, value = {s = 0x7f8f16379fe0 "1440744243.165", len = 14}, vflags = 0, next = 0x7f8f1638e108}
(gdb) set $p=cell->vars->next
(gdb) while ($p != 0)
 >p *$p
 >set $p=$p->next
 >end
$4 = {key = {s = 0x7f8f163b06c8 "calling_number", len = 14}, value = {s = 0x7f8f170c3760 "calling_number", len = 10}, vflags = 0, next = 0x7f8f16375c78}
$5 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$6 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$7 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$8 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$9 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$10 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$11 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$12 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$13 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$14 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$15 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$16 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$17 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$18 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$19 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$20 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$21 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$22 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$23 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$24 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$25 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$26 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$27 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$28 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$29 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$30 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$31 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$32 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$33 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$34 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$35 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$36 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$37 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$38 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$39 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$40 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$41 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$42 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$43 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$44 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$45 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$46 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$47 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$48 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$49 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$50 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$51 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$52 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$53 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$54 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$55 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$56 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$57 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$58 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
$59 = {key = {s = 0x7f8f16fc1730 "test1.comon", len = 11}, value = {s = 0x7f8f17095908 "caller_username", len = 11}, vflags = 0, next = 0x7f8f16f97908}
$60 = {key = {s = 0x7f8f163a4290 "caller_username", len = 11}, value = {s = 0x7f8f163a7bf8 "caller_domain", len = 11}, vflags = 0, next = 0x7f8f16375c78}
---Type <return> to continue, or q <return> to quit---
```



---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/301#issuecomment-135664862
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20150828/cf00a547/attachment-0001.html>


More information about the sr-dev mailing list